diff --git a/CHANGELOG.md b/CHANGELOG.md
index eeaa77a36..443027bcb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,9 +9,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
+- fj-core version set to 8.6.7 <https://github.com/fugerit-org/fj-doc/issues/382>
 - quarkus-version set to 3.21.1 across all the modules <https://github.com/fugerit-org/fj-doc/pull/344>
 
-
 ## [8.12.7] - 2025-03-26
 
 ### Changed
diff --git a/fj-doc-base/src/main/java/org/fugerit/java/doc/base/xml/DocXmlParser.java b/fj-doc-base/src/main/java/org/fugerit/java/doc/base/xml/DocXmlParser.java
index ba18bef71..e705eb76e 100644
--- a/fj-doc-base/src/main/java/org/fugerit/java/doc/base/xml/DocXmlParser.java
+++ b/fj-doc-base/src/main/java/org/fugerit/java/doc/base/xml/DocXmlParser.java
@@ -58,7 +58,7 @@ public DocXmlParser() {
 	protected DocBase parseWorker(Reader reader) throws DocException {
 		return SafeFunction.get( () -> {
 			DocContentHandler dch =  new DocContentHandler( this.docHelper, this.isFailWhenElementNotFound() );	
-			SAXParser parser = XMLFactorySAX.makeSAXParser( false ,  true );
+			SAXParser parser = XMLFactorySAX.makeSAXParserSecure( false ,  true );
 			DefaultHandlerComp dh = new DefaultHandlerComp( dch );
 			parser.parse( new InputSource(reader), dh);
 			return dch.getDocBase();
diff --git a/fj-doc-val-core/src/main/java/org/fugerit/java/doc/val/core/basic/XmlValidator.java b/fj-doc-val-core/src/main/java/org/fugerit/java/doc/val/core/basic/XmlValidator.java
index dad80a2a5..e3d6a0b4b 100644
--- a/fj-doc-val-core/src/main/java/org/fugerit/java/doc/val/core/basic/XmlValidator.java
+++ b/fj-doc-val-core/src/main/java/org/fugerit/java/doc/val/core/basic/XmlValidator.java
@@ -22,7 +22,7 @@ public XmlValidator() {
 
 	@Override
 	public DocTypeValidationResult validate(InputStream is) throws IOException {
-		return this.validationHelper( () -> XMLFactorySAX.makeSAXParser( true, true ).parse( is , new DefaultHandler() ) );
+		return this.validationHelper( () -> XMLFactorySAX.makeSAXParserSecure( true, true ).parse( is , new DefaultHandler() ) );
 	}
 
 }
diff --git a/pom.xml b/pom.xml
index 8a3bcd502..3d74f491a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -25,7 +25,7 @@
 	    <maven.compiler.target>${java-version-compliance}</maven.compiler.target>	
 	    <maven.compiler.release>${java-version-compliance}</maven.compiler.release>
 	    <!-- fj java versions -->
-	    <fj-version>8.6.6</fj-version>
+	    <fj-version>8.6.7</fj-version>
 	    <fj-doc-version>${project.version}</fj-doc-version>
 		<fj-doc-maven-plugin-version>${fj-doc-version}</fj-doc-maven-plugin-version>
 	    <fj-xml-to-json-version>1.2.1</fj-xml-to-json-version>
